CVE-2017-17312

Name of the Vulnerable Software and Affected Versions: Huawei Firewall products USG2205BSR version V300R001C10SPC600 Huawei Firewall products USG2220BSR version V300R001C00 Huawei Firewall products USG5120BSR version V300R001C00 Huawei Firewall products USG5150BSR version V300R001C00

Description: The issue is related to a DoS vulnerability in the IPSEC IKEv1 implementations of Huawei Firewall products. This vulnerability is caused by improper handling of malformed messages. An attacker can exploit this by sending crafted packets to the affected device, potentially leading to a denial of service.

Recommendations: For USG2205BSR version V300R001C10SPC600, update the IPSEC IKEv1 implementation to properly handle malformed messages. For USG2220BSR version V300R001C00, update the IPSEC IKEv1 implementation to properly handle malformed messages. For USG5120BSR version V300R001C00, update the IPSEC IKEv1 implementation to properly handle malformed messages. For USG5150BSR version V300R001C00, update the IPSEC IKEv1 implementation to properly handle malformed messages. As a temporary workaround, consider restricting access to the IPSEC IKEv1 implementation until a patch is available.